Quishing attacks, a form of phishing utilizing QR codes, spiked drastically from 0.8% in 2021 to 10.8% in 2024, as reported by Egress. Over the same period, attachment-based payloads halved from 72.7% to 35.7%. Impersonation attacks, with 77% posing as prominent brands like DocuSign and Microsoft, remained prevalent alongside intensified social engineering tactics, comprising 16.8% of phishing attempts.
Multi-channel assaults, leveraging popular work messaging apps such as Microsoft Teams and Slack, surged, with these platforms collectively constituting half of the second steps in such attacks. Microsoft Teams alone saw a substantial 104.4% increase in 2024 compared to the previous quarter. AI-driven methods also gained prominence, with cybercriminals expected to utilize deepfakes in video and audio formats to enhance attack sophistication.
Jack Chapman, SVP of threat intelligence at Egress, emphasized the persistence of cybercriminals in investing heavily in high-reward attacks. Despite technological advancements, secure email gateways (SEGs) exhibited a 52.2% increase in undetected attacks in early 2024, highlighting the necessity for adaptive cybersecurity strategies. Additionally, millennials emerged as prime targets, particularly in sectors like finance, legal, and healthcare, with personalized social engineering attacks tailored around events like Valentine’s Day reflecting the evolving nature of cyber-threats.
